SQL as a language is vulnerable to injection attacks because it allows mixing of instructions and data, which attackers can conveniently exploit to achieve their nefarious objectives.

The root cause behind successful SQL injection attacks is the execution of user-supplied data as SQL instructions. This classic cartoon illustrates the perils of trusting user inputs, and how they can lead to a successful SQLi attack:

From the webcomic xkcd:

Continue reading …

About 95 percent of HTTPS servers are vulnerable to connection hijacking, opening the door for hackers to launch man-in-the-middle and other devastating cyber attacks. That’s according to a Netcraft study released about a week ago. The reason for this concerning situation? Only 5 percent of HTTPS servers have a correct implementation of HTTP Strict Transport Security.

Continue reading …